PT-2011-5092 · Parallels+1 · Parallels Plesk Small Business Panel+1

Published

2011-12-16

Updated

2017-08-29

CVE-2011-4762

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Parallels Plesk Small Business Panel version 10.2.0

Description The issue involves Parallels Plesk Small Business Panel sending incorrect Content-Type headers for certain resources. This might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving the /smb/app/top-categories-data/ endpoint and certain other files. It is possible that only clients, not the SmarterStats product, could be affected by this issue.

Recommendations For Parallels Plesk Small Business Panel version 10.2.0, consider restricting access to the /smb/app/top-categories-data/ endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2011-4762

Affected Products

Parallels Plesk Small Business Panel

Smarterstats

PT-2011-5092 · Parallels+1 · Parallels Plesk Small Business Panel+1

CVE-2011-4762

Related Identifiers

Affected Products

References · 3